Nixpkgs security tracker

Untriaged

Permalink CVE-2026-2657

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months ago Activity log

Created suggestion 2 months ago

wren-lang wren Error Message wren_compiler.c printError stack-based overflow

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-346455 | wren-lang wren Error Message wren_compiler.c printError stack-based overflow vdb-entrytechnical-description
VDB-346455 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #752791 | wren-lang wren main branch Stack-based Buffer Overflow third-party-advisory
https://github.com/wren-lang/wren/issues/1221 issue-tracking
https://github.com/oneafter/0122/blob/main/i1221/repro exploit
https://github.com/wren-lang/wren/ product

Affected products

wren

==0.2
==0.3
==0.4.0
==0.1

Matching in nixpkgs

pkgs.fairywren

FairyWren Icon Set

nixos-unstable 0-unstable-2026-02-08
- nixpkgs-unstable 0-unstable-2026-02-08
- nixos-unstable-small 0-unstable-2026-02-08
nixos-25.11 0-unstable-2024-06-10
- nixos-25.11-small 0-unstable-2024-06-10
- nixpkgs-25.11-darwin 0-unstable-2024-06-10

Package maintainers

@D3vil0p3r Antonio Voza <vozaanthony@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.fairywren

Package maintainers